oss-sec mailing list archives
CVE-2018-10841 glusterfs: access trusted peer group via remote-host command
From: Siddharth Sharma <siddharth () redhat com>
Date: Wed, 20 Jun 2018 15:58:10 -0400 (EDT)
A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. It was found that any gluster client authenticated via TLS could use gluster cli with --remote-host command to add itself to gluster trusted pool and perform all gluster operations like peer probe itself or other machines, start, stop, delete volumes etc. https://bugzilla.redhat.com/show_bug.cgi?id=1582043 Respectfully, Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A Fingerprint : 6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
Current thread:
- CVE-2018-10841 glusterfs: access trusted peer group via remote-host command Siddharth Sharma (Jun 20)